| |
| |||||||
Log-Analyse und Auswertung: Kürzlich angezeigter Backdoor:/win32/cybot.B und Rootkit noch im System?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
04.01.2012, 18:11
| #1 |
 |  Kürzlich angezeigter Backdoor:/win32/cybot.B und Rootkit noch im System? Liebe Leute, auf meinem Laptop (Acer Aspire 5610Z), Betreibssystem VISTA, haben sich vor einigen Tagen schädliche Objekte eingeschlichen; anfangs meldete mir der WindowsDefender: Backdoor:/win32/cybot.B und TR/Rootkit.Gen2. Beim Versuch ins Internet zu gehen, meldete Firefox eine fehlerhafte Verbindung zum Proxy-Server (was allerdings seit Häkchen-Umsetzen in den FF-Einstellungen nicht mehr der Fall ist). Ich machte mit (meiner üblichen) antivirus-Software "Avira Antivir" einen Scan und dieser befand zwei "bedrohliche Dateien". Trotz "Delete"-click erschien beim nächsten Computer-Start die Meldung vom WindowsDefender über den Backdoor erneut. Ich ließ diverse Programme durchlaufen, u.a. Malwarebytes, welches 10 Objekte fand und löschte / in Quarantäne steckte (Logfile kann ich bei Bedarf gerne noch nachschicken). Ein weiterer Scan Spybot zeigte auch den Backdoor und "löschte" ihn. Alle anschließenden Scans mit CCleaner, AviraAntivir und Malwarebytes ergaben keinen Fund von Schädlingen... auch schien auf dem Laptop alles wie gehabt zu funktionieren, nicht weniger schnell als sonst. Doch ein Durchlauf mit Uniblue Registry Booster ergab noch 649 Fehler in System und Benutzerkonten; Und besonders merkwürdig und störend war der plötzlich schwindende Speicherplatz auf der System-Platte. Nur noch 2GB von 70,4GB wurden als frei angezeigt, stets schwankend bis zu 500MB runter. Auf der Daten-Partition war alles wie gehabt. Also habe ich alle meine Daten gesichert und mich schonmal (psychisch  ) auf eine Neuinstallation eingestellt, doch seit vorhin scheint wieder alles ganz normal, der freie Speicherplatz auf der C-Platte hat wieder die alte Größe.Sicherheitshalber hätte ich gerne einen kompetenten Blick von jemandem darauf, der Ahnung hat vom Innenleben eines PCs. Deshalb wende ich mich an euch, mit den soeben gemachten Logfiles (im Anhang). Herzlichen Dank schonmal im Voraus, Lillix defogger_disable-Log: defogger_disable by jpshortstuff (23.02.10.1) Log created at 16:04 on 04/01/2012 (***) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... SPTD -> Disabled -=E.O.F=- OTL.txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.01.2012 16:09:51 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = D:\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19170) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,82% Memory free 4,22 Gb Paging File | 3,36 Gb Available in Paging File | 79,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 70,77 Gb Total Space | 27,45 Gb Free Space | 38,78% Space Free | Partition Type: NTFS Drive D: | 70,47 Gb Total Space | 27,10 Gb Free Space | 38,46% Space Free | Partition Type: NTFS Computer Name: A***-PC | User Name: A*** R*** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.03 23:54:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe PRC - [2011.11.07 09:26:14 | 000,025,472 | ---- | M] (Uniblue Systems Limited) -- C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe PRC - [2009.07.21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.03.02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.09.04 11:31:43 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\AURLIE~1\AppData\Local\Temp\RtkBtMnt.exe PRC - [2007.01.02 18:58:58 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe PRC - [2007.01.02 18:58:50 | 000,464,168 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe PRC - [2007.01.02 16:46:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2007.01.02 09:33:24 | 000,135,168 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe PRC - [2006.12.28 20:07:22 | 000,126,976 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe PRC - [2006.12.28 17:24:14 | 000,049,152 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2006.12.22 14:43:18 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe PRC - [2006.12.01 06:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe ========== Modules (No Company Name) ========== MOD - [2007.09.20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.01.02 18:52:18 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService) SRV - [2010.02.27 17:58:29 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.07.21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.05.13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.01.02 18:58:58 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service) SRV - [2007.01.02 16:46:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007.01.02 09:33:24 | 000,135,168 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) SRV - [2006.12.28 20:07:22 | 000,126,976 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2006.12.28 17:24:14 | 000,049,152 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2006.12.22 14:43:18 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) ========== Driver Services (SafeList) ========== DRV - [2010.01.04 21:47:30 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2006.12.20 06:50:00 | 004,448,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2006.12.07 17:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) DRV - [2006.11.02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2006.10.30 02:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2006.10.25 07:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR) DRV - [2006.10.25 07:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR) DRV - [2006.10.25 07:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR) DRV - [2006.10.18 15:44:30 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA) DRV - [2006.08.04 10:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://alice.aol.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:65050 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.selectedEngine: "foxsearch" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.freitag.de/kultur" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 65050 FF - prefs.js..network.proxy.type: 4 FF - user.js..browser.search.selectedEngine: "foxsearch" FF - user.js..browser.search.order.1: "foxsearch" FF - user.js..browser.search.defaultenginename: "foxsearch" FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.30 20:43:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.02 13:31:47 | 000,000,000 | ---D | M] [2008.09.02 07:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A*** R***\AppData\Roaming\mozilla\Extensions [2012.01.01 16:27:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A*** R***\AppData\Roaming\mozilla\Firefox\Profiles\83r1d5sg.default\extensions [2008.06.24 21:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A*** R***\AppData\Roaming\mozilla\Firefox\Profiles\83r1d5sg.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash [2011.06.11 05:34:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.05.10 05:30:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.10 07:13:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.29 19:03:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.06.11 05:34:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} File not found (No name found) -- C:\USERS\AURéLIE RüTHLING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\83R1D5SG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2009.09.03 23:29:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.12.30 20:43:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2008.01.23 07:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.03.19 07:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll [2011.12.30 20:43:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.30 20:43:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.12.30 20:43:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.06.08 19:35:23 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src [2011.12.30 20:43:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.30 20:43:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.30 20:43:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.02.28 10:43:02 | 000,380,280 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 13103 more lines... O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SetPanel] File not found O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [捁牥吠畯r] File not found O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O13 - gopher Prefix: missing O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2847AA76-DC08-4D4F-8368-D05B33C98177}: DhcpNameServer = 83.169.184.33 83.169.184.97 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A68E9DEC-C597-412F-9254-F7F9BAFC28F8}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\A*** R***\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp O24 - Desktop BackupWallPaper: C:\Users\A*** R***\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0ecf6315-df9c-11df-967f-0016d4ca79a7}\Shell - "" = AutoRun O33 - MountPoints2\{0ecf6315-df9c-11df-967f-0016d4ca79a7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{2f57391c-c5b6-11dc-aee3-0016d4ca79a7}\Shell - "" = AutoRun O33 - MountPoints2\{2f57391c-c5b6-11dc-aee3-0016d4ca79a7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe O33 - MountPoints2\{c1db14e7-dd94-11de-a782-0016d4ca79a7}\Shell - "" = AutoRun O33 - MountPoints2\{c1db14e7-dd94-11de-a782-0016d4ca79a7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{de056e71-23b3-11df-89c3-0016d4ca79a7}\Shell - "" = AutoRun O33 - MountPoints2\{de056e71-23b3-11df-89c3-0016d4ca79a7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.01.03 23:54:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- D:\Desktop\OTL.exe [2012.01.01 13:47:47 | 000,000,000 | ---D | C] -- C:\Users\A*** R***\AppData\Roaming\Malwarebytes [2012.01.01 13:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.01.01 13:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.01.01 13:47:35 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.01.01 13:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.01.01 13:46:01 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- D:\Desktop\mbam-setup-1.60.0.1800.exe [2012.01.01 13:31:06 | 000,000,000 | ---D | C] -- C:\Users\A*** R***\AppData\Roaming\Uniblue [2012.01.01 13:30:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1} [2012.01.01 13:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue [2012.01.01 13:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue [2012.01.01 13:30:48 | 000,939,368 | ---- | C] (Macromedia, Inc.) -- C:\Windows\System32\flash.ocx [2012.01.01 13:30:15 | 000,000,000 | ---D | C] -- C:\Users\A*** R***\AppData\Local\PackageAware [2011.12.30 23:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011.12.30 23:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2011.12.30 14:44:51 | 000,000,000 | ---D | C] -- C:\Users\A*** R***\AppData\Roaming\8B45B [2011.12.30 14:44:23 | 000,000,000 | ---D | C] -- C:\Users\A*** R***\AppData\Roaming\A008B [2011.12.15 10:46:47 | 000,000,000 | ---D | C] -- D:\Desktop\wurst [2007.09.04 11:34:20 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe [2007.01.19 11:56:42 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll [1 D:\Desktop\*.tmp files -> D:\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.04 16:07:19 | 000,013,542 | ---- | M] () -- C:\Users\A*** R***\AppData\Roaming\nvModes.001 [2012.01.04 16:07:08 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.04 16:07:08 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.04 16:07:02 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2012.01.04 16:06:59 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2012.01.04 16:06:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.04 16:04:32 | 000,000,020 | ---- | M] () -- C:\Users\A*** R***\defogger_reenable [2012.01.04 00:04:32 | 000,302,592 | ---- | M] () -- D:\Desktop\5wzco674.exe [2012.01.03 23:54:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe [2012.01.03 23:52:52 | 000,050,477 | ---- | M] () -- D:\Desktop\Defogger.exe [2012.01.03 21:08:13 | 000,013,542 | ---- | M] () -- C:\Users\A*** R***\AppData\Roaming\nvModes.dat [2012.01.02 01:18:23 | 000,096,932 | ---- | M] () -- D:\Documents\cc_20120102_011802.reg [2012.01.01 13:47:39 | 000,000,928 | ---- | M] () -- D:\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.01 13:46:30 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- D:\Desktop\mbam-setup-1.60.0.1800.exe [2011.12.30 21:08:10 | 000,638,418 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.12.30 21:08:10 | 000,604,280 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.12.30 21:08:10 | 000,107,958 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.12.30 21:08:09 | 000,131,332 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.12.18 02:51:36 | 000,047,018 | ---- | M] () -- D:\Desktop\opu.mmp [2011.12.17 16:51:49 | 000,010,240 | ---- | M] () -- C:\Users\A*** R***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.16 14:53:11 | 002,378,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.13 13:23:15 | 000,048,784 | ---- | M] () -- D:\Desktop\stundenplan themen.pdf [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [1 D:\Desktop\*.tmp files -> D:\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.04 16:04:13 | 000,000,020 | ---- | C] () -- C:\Users\A*** R***\defogger_reenable [2012.01.04 00:04:27 | 000,302,592 | ---- | C] () -- D:\Desktop\5wzco674.exe [2012.01.03 23:52:49 | 000,050,477 | ---- | C] () -- D:\Desktop\Defogger.exe [2012.01.03 20:56:47 | 000,000,928 | ---- | C] () -- D:\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.02 01:18:06 | 000,096,932 | ---- | C] () -- D:\Documents\cc_20120102_011802.reg [2012.01.01 13:31:12 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job [2011.12.13 13:23:11 | 000,048,784 | ---- | C] () -- D:\Desktop\stundenplan themen.pdf [2011.07.18 12:58:41 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.02.28 17:45:53 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2009.09.24 18:33:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.24 18:33:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.06.27 22:28:25 | 000,000,680 | ---- | C] () -- C:\Users\A*** R***\AppData\Local\d3d9caps.dat [2008.10.24 23:23:07 | 000,024,064 | ---- | C] () -- C:\Users\A*** R***\AppData\Roaming\UserTile.png [2008.08.14 21:08:18 | 000,000,000 | ---- | C] () -- C:\Windows\DMM.INI [2008.07.24 23:32:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.05.16 19:36:53 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2008.03.31 16:15:59 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2008.02.05 19:26:18 | 000,000,025 | ---- | C] () -- C:\Windows\wpd99.drv [2008.02.05 19:26:17 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll [2007.09.10 14:22:47 | 000,163,840 | ---- | C] () -- C:\Windows\System32\unrar.dll [2007.09.10 14:22:43 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2007.09.10 14:22:43 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2007.09.10 14:22:41 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2007.09.07 16:42:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2007.09.07 14:08:56 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2007.09.05 21:34:09 | 000,010,240 | ---- | C] () -- C:\Users\A*** R***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.09.04 17:47:37 | 000,013,542 | ---- | C] () -- C:\Users\A*** R***\AppData\Roaming\nvModes.001 [2007.09.04 12:26:59 | 000,013,542 | ---- | C] () -- C:\Users\A*** R***\AppData\Roaming\nvModes.dat [2007.09.04 11:34:20 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe [2007.09.04 11:30:31 | 000,000,037 | ---- | C] () -- C:\Windows\Acer.ini [2007.03.08 08:31:30 | 000,000,101 | ---- | C] () -- C:\Windows\Alaunch.ini [2007.03.08 08:24:19 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\Desktop_.ini [2007.03.08 01:13:47 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2007.01.19 21:01:56 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007.01.19 19:03:19 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.01.19 12:11:31 | 000,198,144 | ---- | C] () -- C:\Windows\System32\_psisdecd.dll [2007.01.19 12:04:40 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2007.01.19 12:04:40 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2007.01.19 12:03:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2007.01.19 11:56:42 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2007.01.19 11:46:19 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll [2007.01.19 11:39:34 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat [2007.01.02 18:54:14 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll [2007.01.02 18:53:54 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll [2007.01.02 18:53:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2007.01.02 18:52:40 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MsnChatHook_org.dll [2007.01.02 18:52:28 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll [2007.01.02 18:52:26 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll [2007.01.02 18:52:18 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll [2006.12.25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll [2006.11.13 05:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin [2006.11.02 16:33:31 | 000,638,418 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,131,332 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 002,378,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,604,280 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,107,958 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2012.01.01 15:44:37 | 000,000,000 | ---D | M] -- C:\Users\A*** R***\AppData\Roaming\8B45B [2012.01.01 15:44:37 | 000,000,000 | ---D | M] -- C:\Users\A*** R***\AppData\Roaming\A008B [2011.03.28 13:54:42 | 000,000,000 | ---D | M] -- C:\Users\A*** R***\AppData\Roaming\Amazon [2008.01.03 00:02:58 | 000,000,000 | ---D | M] -- C:\Users\A*** R***\AppData\Roaming\Anvil Studio [2010.02.27 17:06:47 | 000,000,000 | ---D | M] -- C:\Users\A*** R***\AppData\Roaming\DAEMON Tools Lite [2011.03.09 10:40:56 | 000,000,000 | ---D | M] -- C:\Users\A*** R***\AppData\Roaming\DVDVideoSoftIEHelpers [2009.02.06 10:51:23 | 000,000,000 | ---D | M] -- C:\Users\A*** R***\AppData\Roaming\gtk-2.0 [2011.07.12 14:05:36 | 000,000,000 | ---D | M] -- C:\Users\A*** R***\AppData\Roaming\Gutscheinmieze [2009.01.21 22:57:54 | 000,000,000 | ---D | M] -- C:\Users\A*** R***\AppData\Roaming\Propellerhead Software [2008.05.16 22:30:53 | 000,000,000 | ---D | M] -- C:\Users\A*** R***\AppData\Roaming\Steinberg [2012.01.01 13:31:06 | 000,000,000 | ---D | M] -- C:\Users\A*** R***\AppData\Roaming\Uniblue [2012.01.04 16:07:02 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job [2012.01.04 16:05:40 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Geändert von lillix (04.01.2012 um 18:26 Uhr) |
|
04.01.2012, 19:25
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Kürzlich angezeigter Backdoor:/win32/cybot.B und Rootkit noch im System? Die Beschreibungen der Funde sind dieser Form zu uninformativ. POste alle Logs von Malwarebytes und den anderen Scannern.
__________________
__________________ |
|
04.01.2012, 21:42
| #3 |
| | Kürzlich angezeigter Backdoor:/win32/cybot.B und Rootkit noch im System? Hallo Cosinus,
__________________vielen Dank schonmal für die schnelle Reaktion! Im Anhang also die Logdateien von Avira und Malwarebytes, die ersten enthalten jeweils die Bezeichnungen der Befunde, die weiteren (2,3,4..) zeigen keine Funde mehr an. Bei Spybot S&D finde ich leider keine Möglichkeit an frühere Berichte zu kommen, deshalb hab ich einen aktuellen angefügt. CCleaner und Windows scheinen gar keine Berichte herzustellen?! Oder wo/wie kann ich sie ausfindig machen? Oder können Windows-Problemberichte vom 30.12.2011 etwas nutzen? Mir ist noch eingefallen, dass ich auch einen ChkDsk habe laufen lassen. Vielen Dank für jeden Beitrag, und schöne Grüße! Lilli |
|
04.01.2012, 22:11
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Kürzlich angezeigter Backdoor:/win32/cybot.B und Rootkit noch im System? Führ bitte auch ESET aus, danach sehen wir weiter: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.01.2012, 23:37
| #5 |
| | Kürzlich angezeigter Backdoor:/win32/cybot.B und Rootkit noch im System? OK, wird gemacht! |
|
05.01.2012, 01:51
| #6 |
| | Kürzlich angezeigter Backdoor:/win32/cybot.B und Rootkit noch im System? Danke für den Hinweis, hat alles geklappt, hier die log von ESET: ESETSmartInstaller@High as downloader log: Code:
ATTFilter Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetesets_scanner_update returned -1 esets_gle=1
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=dfc29408f729fc438993d748e1bdcf1e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-05 12:37:51
# local_time=2012-01-05 01:37:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 291284 98375365 297063 0
# compatibility_mode=5892 16776573 100 100 27874 163249978 0 0
# compatibility_mode=8192 67108863 100 0 6290 6290 0 0
# scanned=215699
# found=17
# cleaned=0
# scan_time=6620
C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Uniblue\RegistryBooster\rb_ubm.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\A*** R**\AppData\Local\Temp\mia5E27.tmp\data\OFFLINE\7F895C1F\DE39FC21\Launcher.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\A*** R**\AppData\Local\Temp\mia5E27.tmp\data\OFFLINE\7F895C1F\DE39FC21\rbmonitor.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\A*** R**\AppData\Local\Temp\mia5E27.tmp\data\OFFLINE\7F895C1F\DE39FC21\rbnotifier.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\A*** R**\AppData\Local\Temp\mia5E27.tmp\data\OFFLINE\7F895C1F\DE39FC21\rb_move_serial.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\A*** R**\AppData\Local\Temp\mia5E27.tmp\data\OFFLINE\7F895C1F\DE39FC21\rb_ubm.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\A*** R**\AppData\Local\Temp\mia5E27.tmp\data\OFFLINE\7F895C1F\DE39FC21\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\A*** R**\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\1c7d99da-5bca682c a variant of Java/Exploit.CVE-2011-3544.Q trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\A*** R**\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\1e525ae3-5ce99075 Win32/TrojanDownloader.Zurgop.AI trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\A*** R**\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\3bd82270-7d144126 Java/Exploit.CVE-2011-3544.P trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\A*** R**\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\43458f85-1cceb575 a variant of Java/Agent.BR trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} Win32/RegistryBooster application 00000000000000000000000000000000 I
|
|
05.01.2012, 10:40
| #7 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Kürzlich angezeigter Backdoor:/win32/cybot.B und Rootkit noch im System?Zitat:
Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich. Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr startet.
Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen. Zerstörst Du die Registry, zerstörst Du Windows.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.01.2012, 11:14
| #8 |
| | Kürzlich angezeigter Backdoor:/win32/cybot.B und Rootkit noch im System? Lieben Dank für die Info, Cosinus! Hab das Programm deinstalliert. Es kam mir auch nicht ganz geheuer vor, es hat nur eine Unmenge an Fehlern angegeben, alle weiteren Funktionen wären kostenpflichtig gewesen.. Ist denn das System jetzt wieder komplett clean? Zumal ich das "Uniblue Registry Booster" ja erst NACH den Trojaner-Meldungen eingebaut hatte..? Viele Grüße, Lilli |
|
05.01.2012, 11:29
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Kürzlich angezeigter Backdoor:/win32/cybot.B und Rootkit noch im System? Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.01.2012, 12:01
| #10 |
| | Kürzlich angezeigter Backdoor:/win32/cybot.B und Rootkit noch im System? Alles klar, danke für die ausführliche Betreuung ,hier der Code!OTL Logfile: Code:
ATTFilter OTL logfile created on: 05.01.2012 11:36:03 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = D:\Desktop\through the backdoor Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19170) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 62,66% Memory free 4,23 Gb Paging File | 3,29 Gb Available in Paging File | 77,73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 70,77 Gb Total Space | 26,65 Gb Free Space | 37,65% Space Free | Partition Type: NTFS Drive D: | 70,47 Gb Total Space | 27,10 Gb Free Space | 38,45% Space Free | Partition Type: NTFS Computer Name: AURÉLIE-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.03 23:54:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Desktop\through the backdoor\OTL.exe PRC - [2009.07.21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.03.02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.09.04 11:31:43 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\AURLIE~1\AppData\Local\Temp\RtkBtMnt.exe PRC - [2007.01.02 18:58:58 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe PRC - [2007.01.02 18:58:50 | 000,464,168 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe PRC - [2007.01.02 16:46:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2007.01.02 09:33:24 | 000,135,168 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe PRC - [2006.12.28 20:07:22 | 000,126,976 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe PRC - [2006.12.28 17:24:14 | 000,049,152 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2006.12.22 14:43:18 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe PRC - [2006.12.01 06:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe ========== Modules (No Company Name) ========== MOD - [2007.09.20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.01.02 18:52:18 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService) SRV - [2010.02.27 17:58:29 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.07.21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.05.13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.01.02 18:58:58 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service) SRV - [2007.01.02 16:46:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007.01.02 09:33:24 | 000,135,168 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) SRV - [2006.12.28 20:07:22 | 000,126,976 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2006.12.28 17:24:14 | 000,049,152 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2006.12.22 14:43:18 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) ========== Driver Services (SafeList) ========== DRV - [2010.01.04 21:47:30 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2006.12.20 06:50:00 | 004,448,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2006.12.07 17:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) DRV - [2006.11.02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2006.10.30 02:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2006.10.25 07:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR) DRV - [2006.10.25 07:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR) DRV - [2006.10.25 07:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR) DRV - [2006.10.18 15:44:30 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA) DRV - [2006.08.04 10:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://alice.aol.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:65050 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.selectedEngine: "foxsearch" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.freitag.de/kultur" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - prefs.js..network.proxy.type: 4 FF - user.js..browser.search.selectedEngine: "foxsearch" FF - user.js..browser.search.order.1: "foxsearch" FF - user.js..browser.search.defaultenginename: "foxsearch" FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.30 20:43:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.02 13:31:47 | 000,000,000 | ---D | M] [2008.09.02 07:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.01.01 16:27:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\83r1d5sg.default\extensions [2008.06.24 21:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\83r1d5sg.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash [2011.06.11 05:34:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.05.10 05:30:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.10 07:13:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.29 19:03:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.06.11 05:34:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} File not found (No name found) -- C:\USERS\AURéLIE RüTHLING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\83R1D5SG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2009.09.03 23:29:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.12.30 20:43:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2008.01.23 07:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.03.19 07:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll [2011.12.30 20:43:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.30 20:43:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.12.30 20:43:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.06.08 19:35:23 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src [2011.12.30 20:43:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.30 20:43:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.30 20:43:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.02.28 10:43:02 | 000,380,280 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 13103 more lines... O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SetPanel] File not found O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [捁牥吠畯r] File not found O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O13 - gopher Prefix: missing O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.33 83.169.184.97 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2847AA76-DC08-4D4F-8368-D05B33C98177}: DhcpNameServer = 83.169.184.33 83.169.184.97 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A68E9DEC-C597-412F-9254-F7F9BAFC28F8}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0ecf6315-df9c-11df-967f-0016d4ca79a7}\Shell - "" = AutoRun O33 - MountPoints2\{0ecf6315-df9c-11df-967f-0016d4ca79a7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{2f57391c-c5b6-11dc-aee3-0016d4ca79a7}\Shell - "" = AutoRun O33 - MountPoints2\{2f57391c-c5b6-11dc-aee3-0016d4ca79a7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe O33 - MountPoints2\{c1db14e7-dd94-11de-a782-0016d4ca79a7}\Shell - "" = AutoRun O33 - MountPoints2\{c1db14e7-dd94-11de-a782-0016d4ca79a7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{de056e71-23b3-11df-89c3-0016d4ca79a7}\Shell - "" = AutoRun O33 - MountPoints2\{de056e71-23b3-11df-89c3-0016d4ca79a7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lameacm - lameACM.acm File not found Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll () Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.05 11:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1} [2012.01.04 23:02:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.01.04 18:40:54 | 000,000,000 | ---D | C] -- D:\Desktop\through the backdoor [2012.01.04 17:53:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.01.04 17:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.01.01 13:47:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.01.01 13:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.01.01 13:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.01.01 13:47:35 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.01.01 13:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.01.01 13:30:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0 [2012.01.01 13:30:48 | 000,939,368 | ---- | C] (Macromedia, Inc.) -- C:\Windows\System32\flash.ocx [2012.01.01 13:30:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PackageAware [2011.12.30 23:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011.12.30 23:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2011.12.30 14:44:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\8B45B [2011.12.30 14:44:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\A008B [2011.12.15 10:46:47 | 000,000,000 | ---D | C] -- D:\Desktop\wurst [2007.09.04 11:34:20 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe [2007.01.19 11:56:42 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll [1 D:\Desktop\*.tmp files -> D:\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.05 10:53:50 | 000,013,542 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.dat [2012.01.05 10:53:49 | 000,013,542 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001 [2012.01.05 10:53:10 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2012.01.05 10:53:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.05 10:53:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.05 10:52:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.04 22:46:42 | 003,220,374 | ---- | M] () -- D:\Desktop\mein hass.mp3 [2012.01.04 16:04:32 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.01.01 13:47:39 | 000,000,928 | ---- | M] () -- D:\Desktop\ Malwarebytes Anti-Malware .lnk [2011.12.30 21:08:10 | 000,638,418 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.12.30 21:08:10 | 000,604,280 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.12.30 21:08:10 | 000,107,958 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.12.30 21:08:09 | 000,131,332 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.12.18 02:51:36 | 000,047,018 | ---- | M] () -- D:\Desktop\opu.mmp [2011.12.17 16:51:49 | 000,010,240 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.16 14:53:11 | 002,378,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.13 13:23:15 | 000,048,784 | ---- | M] () -- D:\Desktop\stundenplan themen.pdf [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [1 D:\Desktop\*.tmp files -> D:\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.04 22:46:38 | 003,220,374 | ---- | C] () -- D:\Desktop\mein hass.mp3 [2012.01.04 16:04:13 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.01.03 20:56:47 | 000,000,928 | ---- | C] () -- D:\Desktop\ Malwarebytes Anti-Malware .lnk [2011.12.13 13:23:11 | 000,048,784 | ---- | C] () -- D:\Desktop\stundenplan themen.pdf [2011.07.18 12:58:41 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.02.28 17:45:53 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2009.09.24 18:33:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.24 18:33:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.06.27 22:28:25 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2008.10.24 23:23:07 | 000,024,064 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2008.08.14 21:08:18 | 000,000,000 | ---- | C] () -- C:\Windows\DMM.INI [2008.07.24 23:32:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.05.16 19:36:53 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2008.03.31 16:15:59 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2008.02.05 19:26:18 | 000,000,025 | ---- | C] () -- C:\Windows\wpd99.drv [2008.02.05 19:26:17 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll [2007.09.10 14:22:47 | 000,163,840 | ---- | C] () -- C:\Windows\System32\unrar.dll [2007.09.10 14:22:43 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2007.09.10 14:22:43 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2007.09.10 14:22:41 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2007.09.07 16:42:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2007.09.07 14:08:56 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2007.09.05 21:34:09 | 000,010,240 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.09.04 17:47:37 | 000,013,542 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001 [2007.09.04 12:26:59 | 000,013,542 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat [2007.09.04 11:34:20 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe [2007.09.04 11:30:31 | 000,000,037 | ---- | C] () -- C:\Windows\Acer.ini [2007.03.08 08:31:30 | 000,000,101 | ---- | C] () -- C:\Windows\Alaunch.ini [2007.03.08 08:24:19 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\Desktop_.ini [2007.03.08 01:13:47 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2007.01.19 21:01:56 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007.01.19 19:03:19 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.01.19 12:11:31 | 000,198,144 | ---- | C] () -- C:\Windows\System32\_psisdecd.dll [2007.01.19 12:04:40 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2007.01.19 12:04:40 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2007.01.19 12:03:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2007.01.19 11:56:42 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2007.01.19 11:46:19 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll [2007.01.19 11:39:34 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat [2007.01.02 18:54:14 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll [2007.01.02 18:53:54 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll [2007.01.02 18:53:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2007.01.02 18:52:40 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MsnChatHook_org.dll [2007.01.02 18:52:28 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll [2007.01.02 18:52:26 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll [2007.01.02 18:52:18 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll [2006.12.25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll [2006.11.13 05:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin [2006.11.02 16:33:31 | 000,638,418 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,131,332 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 002,378,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,604,280 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,107,958 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2012.01.01 15:44:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\8B45B [2012.01.01 15:44:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\A008B [2011.03.28 13:54:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2008.01.03 00:02:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Anvil Studio [2010.02.27 17:06:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2011.03.09 10:40:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2009.02.06 10:51:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2011.07.12 14:05:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gutscheinmieze [2009.01.21 22:57:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Propellerhead Software [2008.05.16 22:30:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steinberg [2012.01.05 10:52:58 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.01.01 15:44:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\8B45B [2012.01.01 15:44:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\A008B [2011.12.15 14:11:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe [2007.11.05 20:37:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AdobeUM [2011.03.28 13:54:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2008.01.03 00:02:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Anvil Studio [2008.03.30 21:00:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer [2007.09.05 21:32:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CyberLink [2010.02.27 17:06:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2011.06.08 19:37:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX [2011.12.17 19:26:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss [2011.03.09 10:40:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2008.04.15 14:18:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Google [2009.02.06 10:51:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2011.07.12 14:05:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gutscheinmieze [2007.09.04 11:30:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities [2009.04.23 20:48:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia [2012.01.01 13:47:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes [2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs [2007.09.10 14:26:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Player Classic [2012.01.01 15:46:37 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft [2008.07.12 01:46:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MixMeister Technology [2008.09.02 07:57:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla [2012.01.05 01:54:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org2 [2009.01.21 22:57:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Propellerhead Software [2008.05.16 22:30:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steinberg [2007.09.10 14:31:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc [2008.03.31 16:15:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.06.10 12:19:22 | 000,825,856 | ---- | M] (Synatix GmbH) -- C:\Users\***\AppData\Roaming\Gutscheinmieze\uninstall.exe [2009.03.26 14:08:38 | 001,915,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe [2010.10.31 09:07:58 | 002,788,816 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2008.07.11 19:55:37 | 000,000,766 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{E89B484C-B913-49A0-959B-89E836001658}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.02.13 23:44:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.02.13 23:44:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.02.13 23:44:42 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: ENETHOOK.DLL > [2006.12.28 20:07:22 | 000,090,112 | ---- | M] (acer) MD5=D1DDFF67D47BD6762A6B2282E5C354AD -- C:\Acer\Empowering Technology\eNet\eNetHook.dll [2006.12.28 20:07:22 | 000,090,112 | ---- | M] (acer) MD5=D1DDFF67D47BD6762A6B2282E5C354AD -- C:\Windows\System32\eNetHook.dll < MD5 for: IASTORV.SYS > [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.09.07 12:41:32 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2007.09.07 12:41:32 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
|
05.01.2012, 14:05
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Kürzlich angezeigter Backdoor:/win32/cybot.B und Rootkit noch im System? Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://alice.aol.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:65050
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.type: 4
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
[2008.01.23 07:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [SetPanel] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [????r] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0ecf6315-df9c-11df-967f-0016d4ca79a7}\Shell - "" = AutoRun
O33 - MountPoints2\{0ecf6315-df9c-11df-967f-0016d4ca79a7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{2f57391c-c5b6-11dc-aee3-0016d4ca79a7}\Shell - "" = AutoRun
O33 - MountPoints2\{2f57391c-c5b6-11dc-aee3-0016d4ca79a7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{c1db14e7-dd94-11de-a782-0016d4ca79a7}\Shell - "" = AutoRun
O33 - MountPoints2\{c1db14e7-dd94-11de-a782-0016d4ca79a7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{de056e71-23b3-11df-89c3-0016d4ca79a7}\Shell - "" = AutoRun
O33 - MountPoints2\{de056e71-23b3-11df-89c3-0016d4ca79a7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
[2011.12.30 14:44:51 | 000,000,000 | ---D | C] -- C:\Users\A\AppData\Roaming\8B45B
[2011.12.30 14:44:23 | 000,000,000 | ---D | C] -- C:\Users\A\AppData\Roaming\A008B
[2011.07.12 14:05:36 | 000,000,000 | ---D | M] -- C:\Users\Au\AppData\Roaming\Gutscheinmieze
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten Geändert von Larusso (08.01.2012 um 22:11 Uhr) |
|
05.01.2012, 16:28
| #12 |
| | Kürzlich angezeigter Backdoor:/win32/cybot.B und Rootkit noch im System? Danke für das Script!! Alles hat, wie du geraten hast, funktioniert, hier das log nach dem automatischen Neustart: Code:
ATTFilter All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "foxsearch" removed from browser.search.defaultenginename
Prefs.js: "foxsearch" removed from browser.search.order.1
Prefs.js: "foxsearch" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
Prefs.js: 4 removed from network.proxy.type
C:\Users\A\AppData\Roaming\Mozilla\FireFox\Profiles\83r1d5sg.default\user.js moved successfully.
C:\Programme\Mozilla Firefox\plugins\npBitCometAgent.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ deleted successfully.
C:\Windows\System32\ActiveToolBand.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477e-A7DD-396DB0476E29}\ deleted successfully.
C:\Windows\System32\eDStoolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found.
File C:\Windows\System32\eDStoolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SetPanel deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\????r not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ecf6315-df9c-11df-967f-0016d4ca79a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ecf6315-df9c-11df-967f-0016d4ca79a7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ecf6315-df9c-11df-967f-0016d4ca79a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ecf6315-df9c-11df-967f-0016d4ca79a7}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f57391c-c5b6-11dc-aee3-0016d4ca79a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f57391c-c5b6-11dc-aee3-0016d4ca79a7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f57391c-c5b6-11dc-aee3-0016d4ca79a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f57391c-c5b6-11dc-aee3-0016d4ca79a7}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1db14e7-dd94-11de-a782-0016d4ca79a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1db14e7-dd94-11de-a782-0016d4ca79a7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1db14e7-dd94-11de-a782-0016d4ca79a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1db14e7-dd94-11de-a782-0016d4ca79a7}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de056e71-23b3-11df-89c3-0016d4ca79a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de056e71-23b3-11df-89c3-0016d4ca79a7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de056e71-23b3-11df-89c3-0016d4ca79a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de056e71-23b3-11df-89c3-0016d4ca79a7}\ not found.
File F:\LaunchU3.exe -a not found.
C:\Users\Au\AppData\Roaming\8B45B folder moved successfully.
C:\Users\Au\AppData\Roaming\A008B folder moved successfully.
C:\Users\Au\AppData\Roaming\Gutscheinmieze folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User:
->Temp folder emptied: 29212427 bytes
->Temporary Internet Files folder emptied: 18151757 bytes
->Java cache emptied: 5472771 bytes
->FireFox cache emptied: 52808494 bytes
->Apple Safari cache emptied: 14336 bytes
->Flash cache emptied: 4708449 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 531252 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 106,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 01052012_161808
Files\Folders moved on Reboot...
File\Folder C:\Users\A\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\XF3ZORE8\3,26884,26892,26905,26907,26911,26917,27002,27006,28011,28052,29170,29661,33558%26RawValues%3dNGUID%252Cc261226b-5164-1903518489-1%26Redirect%3d;ord=dkeykdj,bhpNnsqkAcc[1] not found!
File\Folder C:\Users\A\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\Q451NGAJ\138;noperf=1;alias=100001951;noaddonpl=y;artexc=all;artinc=art_image,art_img1x1,art_3pimg,art_text;kvpg=alice.aol[1].de;kvmn=100001951;target=_blank;aduho=60;grp=281380220 not found!
File\Folder C:\Users\A\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\Q451NGAJ\8,26836,26884,26892,26905,26907,26917,27002,27006,28011,28052,29170,29661,33558%26RawValues%3dNGUID%252Cc261226b-5164-1903518489-1%26Redirect%3d;ord=cwrhyhK,bhpNnsowjfb[1] not found!
Registry entries deleted on Reboot...
Geändert von Larusso (08.01.2012 um 22:07 Uhr) |
|
05.01.2012, 16:38
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Kürzlich angezeigter Backdoor:/win32/cybot.B und Rootkit noch im System? Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.01.2012, 17:05
| #14 |
| | Kürzlich angezeigter Backdoor:/win32/cybot.B und Rootkit noch im System? auch das hat super geklappt, bin dir echt dankbar für die klare Unterstützung! Nach dem Scan kam eine zweifelhafte Meldung, bei der ich mit "skip" weitergemacht habe. Hier also das Log Code:
ATTFilter 16:57:30.0979 1968 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
16:57:31.0042 1968 ============================================================
16:57:31.0042 1968 Current date / time: 2012/01/05 16:57:31.0042
16:57:31.0042 1968 SystemInfo:
16:57:31.0042 1968
16:57:31.0042 1968 OS Version: 6.0.6002 ServicePack: 2.0
16:57:31.0042 1968 Product type: Workstation
16:57:31.0042 1968 ComputerName:
16:57:31.0042 1968 UserName:
16:57:31.0042 1968 Windows directory: C:\Windows
16:57:31.0042 1968 System windows directory: C:\Windows
16:57:31.0042 1968 Processor architecture: Intel x86
16:57:31.0042 1968 Number of processors: 2
16:57:31.0042 1968 Page size: 0x1000
16:57:31.0042 1968 Boot type: Normal boot
16:57:31.0042 1968 ============================================================
16:57:32.0508 1968 Initialize success
16:57:52.0148 3612 ============================================================
16:57:52.0148 3612 Scan started
16:57:52.0148 3612 Mode: Manual; SigCheck; TDLFS;
16:57:52.0148 3612 ============================================================
16:57:52.0928 3612 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
16:57:53.0084 3612 ACPI - ok
16:57:53.0303 3612 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
16:57:53.0350 3612 adp94xx - ok
16:57:53.0396 3612 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
16:57:53.0428 3612 adpahci - ok
16:57:53.0459 3612 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
16:57:53.0474 3612 adpu160m - ok
16:57:53.0599 3612 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
16:57:53.0646 3612 adpu320 - ok
16:57:53.0708 3612 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
16:57:53.0786 3612 AFD - ok
16:57:53.0911 3612 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
16:57:53.0927 3612 agp440 - ok
16:57:53.0974 3612 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:57:54.0005 3612 aic78xx - ok
16:57:54.0036 3612 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
16:57:54.0052 3612 aliide - ok
16:57:54.0254 3612 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
16:57:54.0301 3612 amdagp - ok
16:57:54.0348 3612 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
16:57:54.0364 3612 amdide - ok
16:57:54.0566 3612 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
16:57:54.0800 3612 AmdK7 - ok
16:57:55.0003 3612 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
16:57:55.0175 3612 AmdK8 - ok
16:57:55.0378 3612 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
16:57:55.0409 3612 arc - ok
16:57:55.0456 3612 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
16:57:55.0487 3612 arcsas - ok
16:57:55.0596 3612 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:57:55.0861 3612 AsyncMac - ok
16:57:56.0111 3612 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
16:57:56.0126 3612 atapi - ok
16:57:56.0204 3612 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
16:57:56.0236 3612 avgio - ok
16:57:56.0345 3612 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
16:57:56.0454 3612 avgntflt - ok
16:57:56.0485 3612 avipbb (452e382340bb0c5e694ed9d3625356d0) C:\Windows\system32\DRIVERS\avipbb.sys
16:57:56.0485 3612 avipbb - ok
16:57:56.0548 3612 b57nd60x (8e287eb3a52fd30c999482c576f4a61b) C:\Windows\system32\DRIVERS\b57nd60x.sys
16:57:56.0626 3612 b57nd60x - ok
16:57:56.0750 3612 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
16:57:56.0844 3612 bcm4sbxp - ok
16:57:56.0891 3612 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
16:57:56.0969 3612 Beep - ok
16:57:57.0062 3612 blbdrive - ok
16:57:57.0125 3612 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
16:57:57.0187 3612 bowser - ok
16:57:57.0296 3612 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:57:57.0406 3612 BrFiltLo - ok
16:57:57.0484 3612 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:57:57.0530 3612 BrFiltUp - ok
16:57:57.0577 3612 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:57:57.0671 3612 Brserid - ok
16:57:57.0764 3612 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:57:57.0842 3612 BrSerWdm - ok
16:57:57.0874 3612 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:57:57.0967 3612 BrUsbMdm - ok
16:57:58.0014 3612 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:57:58.0123 3612 BrUsbSer - ok
16:57:58.0217 3612 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
16:57:58.0310 3612 BTHMODEM - ok
16:57:58.0373 3612 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
16:57:58.0435 3612 cdfs - ok
16:57:58.0560 3612 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
16:57:58.0607 3612 cdrom - ok
16:57:58.0654 3612 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
16:57:58.0747 3612 circlass - ok
16:57:58.0825 3612 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
16:57:58.0872 3612 CLFS - ok
16:57:58.0997 3612 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
16:57:59.0075 3612 CmBatt - ok
16:57:59.0200 3612 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
16:57:59.0215 3612 cmdide - ok
16:57:59.0262 3612 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
16:57:59.0278 3612 Compbatt - ok
16:57:59.0309 3612 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
16:57:59.0324 3612 crcdisk - ok
16:57:59.0371 3612 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
16:57:59.0449 3612 Crusoe - ok
16:57:59.0777 3612 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
16:57:59.0824 3612 DfsC - ok
16:58:00.0104 3612 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
16:58:00.0136 3612 disk - ok
16:58:00.0198 3612 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
16:58:00.0245 3612 drmkaud - ok
16:58:00.0354 3612 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
16:58:00.0401 3612 DXGKrnl - ok
16:58:00.0510 3612 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:58:00.0619 3612 E1G60 - ok
16:58:00.0697 3612 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
16:58:00.0728 3612 Ecache - ok
16:58:00.0884 3612 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
16:58:00.0916 3612 elxstor - ok
16:58:00.0978 3612 EMSCR (1fa3f9df8983873746fa6b72dd7e3c2c) C:\Windows\system32\DRIVERS\EMS7SK.sys
16:58:01.0025 3612 EMSCR - ok
16:58:01.0150 3612 ESDCR (9c7487253aad6bf61f9bc83d50e32ccc) C:\Windows\system32\DRIVERS\ESD7SK.sys
16:58:01.0196 3612 ESDCR - ok
16:58:01.0228 3612 ESMCR (99589d975da04f8bd31f124428fcc797) C:\Windows\system32\DRIVERS\ESM7SK.sys
16:58:01.0274 3612 ESMCR - ok
16:58:01.0399 3612 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
16:58:01.0477 3612 exfat - ok
16:58:01.0524 3612 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
16:58:01.0571 3612 fastfat - ok
16:58:01.0680 3612 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
16:58:01.0774 3612 fdc - ok
16:58:01.0820 3612 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
16:58:01.0852 3612 FileInfo - ok
16:58:01.0945 3612 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
16:58:02.0008 3612 Filetrace - ok
16:58:02.0070 3612 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
16:58:02.0164 3612 flpydisk - ok
16:58:02.0257 3612 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
16:58:02.0288 3612 FltMgr - ok
16:58:02.0351 3612 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
16:58:02.0398 3612 Fs_Rec - ok
16:58:02.0507 3612 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
16:58:02.0538 3612 gagp30kx - ok
16:58:02.0600 3612 GEARAspiWDM (5dc17164f66380cbfefd895c18467773) C:\Windows\system32\Drivers\GEARAspiWDM.sys
16:58:02.0663 3612 GEARAspiWDM - ok
16:58:02.0788 3612 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
16:58:02.0897 3612 HdAudAddService - ok
16:58:02.0944 3612 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:58:02.0990 3612 HDAudBus - ok
16:58:03.0100 3612 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
16:58:03.0209 3612 HidBth - ok
16:58:03.0240 3612 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
16:58:03.0318 3612 HidIr - ok
16:58:03.0365 3612 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
16:58:03.0427 3612 HidUsb - ok
16:58:03.0536 3612 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
16:58:03.0568 3612 HpCISSs - ok
16:58:03.0614 3612 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
16:58:03.0677 3612 HSFHWAZL - ok
16:58:03.0739 3612 HSF_DPV (9efa5fec26cec696a66a891ac90b412d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
16:58:03.0895 3612 HSF_DPV - ok
16:58:04.0036 3612 HSXHWAZL (7e775360ece92156ced6ed3b1daf6208) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
16:58:04.0098 3612 HSXHWAZL - ok
16:58:04.0145 3612 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
16:58:04.0254 3612 HTTP - ok
16:58:04.0379 3612 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
16:58:04.0410 3612 i2omp - ok
16:58:04.0472 3612 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
16:58:04.0519 3612 i8042prt - ok
16:58:04.0675 3612 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
16:58:04.0706 3612 iaStorV - ok
16:58:04.0753 3612 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
16:58:04.0769 3612 iirsp - ok
16:58:04.0862 3612 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys
16:58:04.0940 3612 int15 - ok
16:58:05.0112 3612 IntcAzAudAddService (04bef1c4aa990e0d5851c7532fc8642c) C:\Windows\system32\drivers\RTKVHDA.sys
16:58:05.0424 3612 IntcAzAudAddService - ok
16:58:05.0564 3612 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
16:58:05.0580 3612 intelide - ok
16:58:05.0642 3612 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
16:58:05.0689 3612 intelppm - ok
16:58:05.0814 3612 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:58:05.0861 3612 IpFilterDriver - ok
16:58:05.0876 3612 IpInIp - ok
16:58:05.0939 3612 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
16:58:06.0017 3612 IPMIDRV - ok
16:58:06.0064 3612 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
16:58:06.0126 3612 IPNAT - ok
16:58:06.0235 3612 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
16:58:06.0298 3612 irda - ok
16:58:06.0344 3612 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
16:58:06.0391 3612 IRENUM - ok
16:58:06.0454 3612 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
16:58:06.0469 3612 isapnp - ok
16:58:06.0578 3612 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
16:58:06.0610 3612 iScsiPrt - ok
16:58:06.0641 3612 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
16:58:06.0656 3612 iteatapi - ok
16:58:06.0703 3612 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:58:06.0734 3612 iteraid - ok
16:58:06.0828 3612 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:58:06.0844 3612 kbdclass - ok
16:58:06.0890 3612 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
16:58:06.0968 3612 kbdhid - ok
16:58:07.0015 3612 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
16:58:07.0078 3612 KSecDD - ok
16:58:07.0202 3612 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:58:07.0249 3612 lltdio - ok
16:58:07.0312 3612 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
16:58:07.0327 3612 LSI_FC - ok
16:58:07.0358 3612 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
16:58:07.0374 3612 LSI_SAS - ok
16:58:07.0499 3612 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
16:58:07.0530 3612 LSI_SCSI - ok
16:58:07.0577 3612 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:58:07.0639 3612 luafv - ok
16:58:07.0764 3612 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
16:58:07.0811 3612 mdmxsdk - ok
16:58:07.0858 3612 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
16:58:07.0873 3612 megasas - ok
16:58:08.0014 3612 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:58:08.0076 3612 Modem - ok
16:58:08.0123 3612 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:58:08.0170 3612 monitor - ok
16:58:08.0294 3612 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:58:08.0310 3612 mouclass - ok
16:58:08.0341 3612 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
16:58:08.0372 3612 mouhid - ok
16:58:08.0419 3612 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
16:58:08.0435 3612 MountMgr - ok
16:58:08.0560 3612 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
16:58:08.0575 3612 mpio - ok
16:58:08.0638 3612 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:58:08.0684 3612 mpsdrv - ok
16:58:08.0731 3612 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:58:08.0747 3612 Mraid35x - ok
16:58:08.0856 3612 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
16:58:08.0887 3612 MRxDAV - ok
16:58:08.0934 3612 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:58:08.0996 3612 mrxsmb - ok
16:58:09.0121 3612 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:58:09.0184 3612 mrxsmb10 - ok
16:58:09.0215 3612 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:58:09.0246 3612 mrxsmb20 - ok
16:58:09.0293 3612 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
16:58:09.0308 3612 msahci - ok
16:58:09.0418 3612 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
16:58:09.0449 3612 msdsm - ok
16:58:09.0496 3612 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:58:09.0558 3612 Msfs - ok
16:58:09.0667 3612 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:58:09.0698 3612 msisadrv - ok
16:58:09.0730 3612 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:58:09.0792 3612 MSKSSRV - ok
16:58:09.0823 3612 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:58:09.0886 3612 MSPCLOCK - ok
16:58:09.0995 3612 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:58:10.0042 3612 MSPQM - ok
16:58:10.0073 3612 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
16:58:10.0104 3612 MsRPC - ok
16:58:10.0151 3612 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:58:10.0166 3612 mssmbios - ok
16:58:10.0182 3612 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:58:10.0244 3612 MSTEE - ok
16:58:10.0354 3612 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
16:58:10.0369 3612 Mup - ok
16:58:10.0432 3612 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
16:58:10.0478 3612 NativeWifiP - ok
16:58:10.0619 3612 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
16:58:10.0650 3612 NDIS - ok
16:58:10.0759 3612 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:58:10.0822 3612 NdisTapi - ok
16:58:10.0868 3612 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:58:10.0915 3612 Ndisuio - ok
16:58:11.0024 3612 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:58:11.0071 3612 NdisWan - ok
16:58:11.0118 3612 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
16:58:11.0149 3612 NDProxy - ok
16:58:11.0243 3612 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
16:58:11.0305 3612 NetBIOS - ok
16:58:11.0352 3612 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
16:58:11.0414 3612 netbt - ok
16:58:11.0758 3612 NETw3v32 (acc6170d80c69e50145b370023b64ed3) C:\Windows\system32\DRIVERS\NETw3v32.sys
16:58:12.0319 3612 NETw3v32 - ok
16:58:12.0428 3612 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
16:58:12.0475 3612 nfrd960 - ok
16:58:12.0569 3612 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
16:58:12.0616 3612 Npfs - ok
16:58:12.0694 3612 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
16:58:12.0756 3612 nsiproxy - ok
16:58:13.0333 3612 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
16:58:13.0411 3612 Ntfs - ok
16:58:13.0505 3612 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
16:58:13.0520 3612 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
16:58:13.0520 3612 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
16:58:13.0583 3612 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:58:13.0676 3612 ntrigdigi - ok
16:58:13.0817 3612 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:58:13.0864 3612 Null - ok
16:58:14.0082 3612 nvlddmkm (dcb0f735bb78497f6076177eb7d20214) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:58:14.0800 3612 nvlddmkm - ok
16:58:14.0924 3612 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
16:58:14.0956 3612 nvraid - ok
16:58:14.0971 3612 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
16:58:15.0002 3612 nvstor - ok
16:58:15.0034 3612 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
16:58:15.0065 3612 nv_agp - ok
16:58:15.0065 3612 NwlnkFlt - ok
16:58:15.0096 3612 NwlnkFwd - ok
16:58:15.0143 3612 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
16:58:15.0221 3612 ohci1394 - ok
16:58:15.0361 3612 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
16:58:15.0470 3612 Parport - ok
16:58:15.0502 3612 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
16:58:15.0517 3612 partmgr - ok
16:58:15.0548 3612 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
16:58:15.0642 3612 Parvdm - ok
16:58:15.0736 3612 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
16:58:15.0767 3612 pci - ok
16:58:15.0814 3612 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\DRIVERS\pciide.sys
16:58:15.0829 3612 pciide - ok
16:58:15.0876 3612 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
16:58:15.0923 3612 pcmcia - ok
16:58:16.0048 3612 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:58:16.0297 3612 PEAUTH - ok
16:58:16.0453 3612 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:58:16.0516 3612 PptpMiniport - ok
16:58:16.0562 3612 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
16:58:16.0656 3612 Processor - ok
16:58:16.0781 3612 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
16:58:16.0828 3612 PSched - ok
16:58:16.0890 3612 PSDFilter (671f788336dd6a129d0b3743cece6eef) C:\Windows\system32\DRIVERS\psdfilter.sys
16:58:16.0952 3612 PSDFilter - ok
16:58:17.0062 3612 PSDNServ (be1404b19f7708a89f0f680e6f2cf110) C:\Windows\system32\drivers\PSDNServ.sys
16:58:17.0124 3612 PSDNServ - ok
16:58:17.0155 3612 psdvdisk (6de3cbb3f8c8a94cad7716b91c4b8951) C:\Windows\system32\drivers\psdvdisk.sys
16:58:17.0233 3612 psdvdisk - ok
16:58:17.0296 3612 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
16:58:17.0405 3612 ql2300 - ok
16:58:17.0530 3612 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:58:17.0545 3612 ql40xx - ok
16:58:17.0608 3612 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:58:17.0670 3612 QWAVEdrv - ok
16:58:17.0764 3612 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:58:17.0826 3612 RasAcd - ok
16:58:17.0873 3612 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:58:17.0935 3612 Rasl2tp - ok
16:58:18.0029 3612 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
16:58:18.0076 3612 RasPppoe - ok
16:58:18.0107 3612 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
16:58:18.0138 3612 RasSstp - ok
16:58:18.0185 3612 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
16:58:18.0247 3612 rdbss - ok
16:58:18.0294 3612 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:58:18.0356 3612 RDPCDD - ok
16:58:18.0450 3612 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
16:58:18.0559 3612 rdpdr - ok
16:58:18.0590 3612 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:58:18.0653 3612 RDPENCDD - ok
16:58:18.0715 3612 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
16:58:18.0793 3612 RDPWD - ok
16:58:18.0918 3612 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:58:18.0980 3612 rspndr - ok
16:58:19.0043 3612 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:58:19.0074 3612 sbp2port - ok
16:58:19.0230 3612 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
16:58:19.0277 3612 sdbus - ok
16:58:19.0292 3612 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:58:19.0402 3612 secdrv - ok
16:58:19.0433 3612 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
16:58:19.0511 3612 Serenum - ok
16:58:19.0542 3612 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
16:58:19.0620 3612 Serial - ok
16:58:19.0729 3612 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:58:19.0792 3612 sermouse - ok
16:58:19.0838 3612 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
16:58:19.0932 3612 sffdisk - ok
16:58:20.0026 3612 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
16:58:20.0119 3612 sffp_mmc - ok
16:58:20.0150 3612 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
16:58:20.0260 3612 sffp_sd - ok
16:58:20.0275 3612 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:58:20.0384 3612 sfloppy - ok
16:58:20.0494 3612 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
16:58:20.0525 3612 sisagp - ok
16:58:20.0556 3612 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
16:58:20.0572 3612 SiSRaid2 - ok
16:58:20.0603 3612 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
16:58:20.0618 3612 SiSRaid4 - ok
16:58:20.0681 3612 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
16:58:20.0728 3612 Smb - ok
16:58:20.0821 3612 SMSCIRDA (ced16c76469ba00e2ab310857cd4c767) C:\Windows\system32\DRIVERS\SMSCirda.sys
16:58:20.0868 3612 SMSCIRDA - ok
16:58:20.0915 3612 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:58:20.0946 3612 spldr - ok
16:58:21.0040 3612 sptd - ok
16:58:21.0102 3612 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
16:58:21.0149 3612 srv - ok
16:58:21.0180 3612 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
16:58:21.0227 3612 srv2 - ok
16:58:21.0320 3612 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
16:58:21.0367 3612 srvnet - ok
16:58:21.0414 3612 ssmdrv (654dfea96bc82b4acda4f37e5e4a3bbf) C:\Windows\system32\DRIVERS\ssmdrv.sys
16:58:21.0430 3612 ssmdrv - ok
16:58:21.0570 3612 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:58:21.0586 3612 swenum - ok
16:58:21.0632 3612 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:58:21.0648 3612 Symc8xx - ok
16:58:21.0679 3612 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:58:21.0695 3612 Sym_hi - ok
16:58:21.0726 3612 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:58:21.0742 3612 Sym_u3 - ok
16:58:21.0851 3612 SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys
16:58:21.0944 3612 SynTP - ok
16:58:22.0022 3612 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
16:58:22.0116 3612 Tcpip - ok
16:58:22.0256 3612 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
16:58:22.0350 3612 Tcpip6 - ok
16:58:22.0459 3612 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
16:58:22.0537 3612 tcpipreg - ok
16:58:22.0568 3612 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:58:22.0600 3612 TDPIPE - ok
16:58:22.0631 3612 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:58:22.0693 3612 TDTCP - ok
16:58:22.0787 3612 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
16:58:22.0849 3612 tdx - ok
16:58:22.0896 3612 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
16:58:22.0912 3612 TermDD - ok
16:58:22.0990 3612 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:58:23.0036 3612 tssecsrv - ok
16:58:23.0146 3612 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:58:23.0192 3612 tunmp - ok
16:58:23.0239 3612 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
16:58:23.0270 3612 tunnel - ok
16:58:23.0395 3612 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
16:58:23.0426 3612 uagp35 - ok
16:58:23.0489 3612 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
16:58:23.0536 3612 udfs - ok
16:58:23.0567 3612 UIUSys - ok
16:58:23.0614 3612 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
16:58:23.0629 3612 uliagpkx - ok
16:58:23.0754 3612 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
16:58:23.0770 3612 uliahci - ok
16:58:23.0801 3612 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:58:23.0832 3612 UlSata - ok
16:58:23.0863 3612 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:58:23.0894 3612 ulsata2 - ok
16:58:23.0926 3612 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:58:23.0972 3612 umbus - ok
16:58:24.0113 3612 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:58:24.0175 3612 usbccgp - ok
16:58:24.0222 3612 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:58:24.0316 3612 usbcir - ok
16:58:24.0425 3612 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
16:58:24.0487 3612 usbehci - ok
16:58:24.0518 3612 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
16:58:24.0581 3612 usbhub - ok
16:58:24.0628 3612 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
16:58:24.0690 3612 usbohci - ok
16:58:24.0815 3612 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
16:58:24.0862 3612 usbprint - ok
16:58:24.0908 3612 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
16:58:24.0955 3612 usbscan - ok
16:58:25.0002 3612 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:58:25.0064 3612 USBSTOR - ok
16:58:25.0283 3612 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:58:25.0345 3612 usbuhci - ok
16:58:25.0517 3612 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
16:58:25.0626 3612 vga - ok
16:58:25.0720 3612 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:58:25.0829 3612 VgaSave - ok
16:58:26.0188 3612 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
16:58:26.0219 3612 viaagp - ok
16:58:26.0250 3612 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
16:58:26.0359 3612 ViaC7 - ok
16:58:26.0390 3612 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
16:58:26.0422 3612 viaide - ok
16:58:26.0515 3612 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:58:26.0546 3612 volmgr - ok
16:58:26.0609 3612 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
16:58:26.0640 3612 volmgrx - ok
16:58:26.0687 3612 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
16:58:26.0718 3612 volsnap - ok
16:58:26.0812 3612 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
16:58:26.0843 3612 vsmraid - ok
16:58:26.0890 3612 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:58:26.0999 3612 WacomPen - ok
16:58:27.0077 3612 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:58:27.0124 3612 Wanarp - ok
16:58:27.0155 3612 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:58:27.0202 3612 Wanarpv6 - ok
16:58:27.0326 3612 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
16:58:27.0342 3612 Wd - ok
16:58:27.0404 3612 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:58:27.0482 3612 Wdf01000 - ok
16:58:27.0638 3612 winachsf (cf27edac75c87f2b776d9218f02f8301) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
16:58:27.0763 3612 winachsf - ok
16:58:27.0919 3612 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:58:27.0966 3612 WmiAcpi - ok
16:58:28.0044 3612 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
16:58:28.0106 3612 WpdUsb - ok
16:58:28.0216 3612 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:58:28.0262 3612 ws2ifsl - ok
16:58:28.0325 3612 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:58:28.0387 3612 WUDFRd - ok
16:58:28.0434 3612 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
16:58:28.0465 3612 XAudio - ok
16:58:28.0496 3612 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
16:58:29.0635 3612 \Device\Harddisk0\DR0 - ok
16:58:29.0682 3612 Boot (0x1200) (4cc72eb46e56d8787aff5a468a7daae6) \Device\Harddisk0\DR0\Partition0
16:58:29.0682 3612 \Device\Harddisk0\DR0\Partition0 - ok
16:58:29.0698 3612 Boot (0x1200) (7ba3a117ba13b9fc456f0cbeade6f1a2) \Device\Harddisk0\DR0\Partition1
16:58:29.0698 3612 \Device\Harddisk0\DR0\Partition1 - ok
16:58:29.0698 3612 ============================================================
16:58:29.0698 3612 Scan finished
16:58:29.0698 3612 ============================================================
16:58:29.0713 1096 Detected object count: 1
16:58:29.0713 1096 Actual detected object count: 1
16:59:25.0202 1096 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
16:59:25.0202 1096 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:00:06.0917 2732 Deinitialize success
Geändert von Larusso (08.01.2012 um 22:06 Uhr) |
|
05.01.2012, 20:30
| #15 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Kürzlich angezeigter Backdoor:/win32/cybot.B und Rootkit noch im System? Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Kürzlich angezeigter Backdoor:/win32/cybot.B und Rootkit noch im System? |
| 0x00000001, acer aspire, autorun, avira, backdoor, bho, bonjour, error, explorer, firefox, format, home, hook, internet, logfile, nvidia, plug-in, popup, port, programme, proxy-server, realtek, registry, registry booster, rootkit, safer networking, scan, speicherplatz, system, temp, trojaner, vista |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
